Trend #3: Strength in NumbersCloud computing, and in particular, Internet as a service, or IAAS, has become an important piece of modern commercial IT. Amazon EC2, for example, allows versatility and elasticity for organizations (big and small), allowing them to sustain a direct correlation between their business activity volume and IT costs. The same holds true for the hacking community.

In 2013, we expect to see a growing use of IAAS by attackers for different activities. There are a number of aspects that make cloud computing an appealing offering for attackers, and, especially those that are profit driven:

Elasticity – the ability to quickly get hold of a lot of computing resources without too many prerequisites.

Cost – the ability to closely tie up spending with specific attack campaign and the potential gain.

Resilience – the use of commercial cloud-computing platforms reduces the ability of defenders to black-list attackers and adds much valued latency to the process of server takedown.

Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in Amazon’s EC2 cloud. In particular, this practice is used with respect to fraud and business logic attacks whose network footprint is relatively low per server (and thus hard to detect as a network traffic anomaly). In addition, for DDoS attacks, such cloud offerings become very compelling. Using a stolen credit card number to pay for the cloud service, an attacker can mount a large scale attack from the cloud. The attack can then be carried out for a long enough time period before a preventative action against the attacking servers can be taken.

Finally, expect to see more usage of on demand computing power as attackers obtain larger quantities of unstructured data and find themselves in a need of computing power in order to process their bounty.